ORIENTATION MODULE #2

HIPAA, COMPLIANCE &

PROFESSIONALISM For Clinical Students and Instructors

FVHCA Member Clinical Sites

Revised May 8, 2014

1

Objectives

At the completion of this orientation module, students and/or instructors will be able to:

Define HIPAA and how it affects your role;

Identify methods to maintain the privacy and confidentiality of personal protected health information;

Indicate compliance and regulatory issues that may impact your role.

Understand the importance of professionalism.

2

All students and instructors who participate in clinical

activities are deemed “workforce members” at the various

healthcare systems.

All policies and procedures are applicable to “workforce

members”, just as they would be for employees.

This includes policies and procedures related to HIPAA,

Confidentiality and other Compliance or Regulatory

requirements.

NOTE: If the both the school and agency has policy

regarding consequences for violating HIPAA, Confidentiality

or other Compliance or regulatory requirements, the stricter

of the two policies will be enforced.

3

REMINDER:

Important!!! When reading this module, please

know that you are accountable for

understanding the information that

is presented and if you have any

questions, you will need to talk to

your instructor/school/facility and

find out the answer before going

any further.

4

What is HIPAA?

In 1996, the federal government passed a law named “HIPAA” (Health Insurance Portability and Accountability Act).

The original & primary intent of the law was to provide continuous insurance coverage for employees who changed jobs.

When writing the law, the authors became aware of how much personal health information was shared between health care providers and insurance companies.

Because of this, additional sections were added to the law, requiring healthcare providers to adopt standards in the areas of privacy, security and electronic transfer of data or billing.

5

What is HIPAA?

The law defines “protected health information” (PHI) and sets standards for health care providers to protect that information.

All healthcare systems have policies in place to ensure that PHI is available, private and secure in order to promote quality care and treatment.

6

What happens to those that don’t comply?

If not, the law also defines stiff penalties (fines and even imprisonment) for violating any privacy provisions. These penalties apply to any member of the “workforce team”.

Some Wisconsin State laws also protect the privacy of patient information.

7

Patient Privacy Rights

Under HIPAA, patients have certain rights:

Right to access their health information.

Right to request an amendment to their PHI if they feel the information is incomplete or inaccurate.

Right to request a place to receive PHI.

Right to request restrictions on what PHI can be disclosed.

Right to request an accounting of what PHI has been disclosed.

8

What is Confidential?

Any information that we collect, create, store, etc.,

that relates to an individual’s health and identifies that

patient, client or resident is confidential.

This is called Protected Health Information, or PHI.

PHI includes any information we create.

PHI includes any personal information we ask the

patient, client or resident to provide.

9

Examples of PHI

Protected Health Information (PHI):

Medical Record Number

Billing Information

Medical Information

Name

Address

Date of Birth (DOB)

Phone Number

Insurance and Social Security Numbers

Medical History

10

Forms of PHI

PHI can be seen in different forms.

Be aware of these examples:

Spoken information

Paper, documents, charts

Computer screens

White boards (surgery schedules, patient

boards)

Photos, videos

Medical container labels (prescription

bottles, IV labels, packages, specimen

labels, etc.)

11

Be aware of ePHI

The “e” in “ePHI” stands

for electronic.

“ePHI” is any information

that is accessed or stored

electronically using

computers or other

equipment.

These electronic devices

or computers include:

Desktop computers

Laptop/tablet

computers

PDA (personal digital

assistants)

Smart phones

Computer discs or flash

drives

And others

12

Caution: Technology/Social Media

Social media is a valuable tool when used wisely.

However, it can pose significant risks to you—including

removal from school program and/or employment-- if

used inappropriately.

View this 5 minute video to learn more:

https://www.ncsbn.org/2930.htm

13

Caution: Technology/Social Media

In addition, confidential information should not be

transferred to or from, or stored within, any form of

personal technology (e.g. personal computers, cell

phones, etc.)

It should never be shared in any form of social media

outlet such as Facebook, YouTube, Twitter, etc.

Please be aware of and adhere to cell phone usage

policies at healthcare facilities.

14

Caution: Technology/Social Media

Never share patient information or

pictures using any form of

communication; texting, cell phones,

Facebook, twitter, etc.

Non-compliance can result in

immediate dismissal from the agency

and/or program.

15

The HIPAA Security Rule

The HIPAA security rule was also developed and now paired with the privacy rule.

The HIPAA security rule has additional requirements regarding how ePHI is accessed, stored, displayed, and transferred electronically.

The security rule requires healthcare providers make sure health information is available when needed and we ensure the integrity of the information.

Integrity – this means we must make sure the information is not altered or changed by anyone who does not have the authority to do so.

16

The HIPAA Security Rule

The security rule also has requirements regarding how

information is accessed.

All healthcare systems have special safeguards in place

to protect ePHI.

As part of the workforce team in a healthcare system,

you may or may not be provided with computer access.

HIPAA and Healthcare Systems require unique identifiers

to access computer applications or systems that contain

patient, client or resident information.

17

Always remember:

YOU MUST SAFEGUARD THE

PRIVACY AND SECURITY OF PHI.

18

For Students and Instructors with

Computer Access

If you are provided computer access with an assigned user ID and password, you must protect the privacy and security of patients’ PHI at all times.

Also, protect your password and keep it secure.

Do not share it with others on the workforce team.

Do not write it or store it in a place accessible by others.

And use a “strong” password (avoid pet names, sports team names or phone numbers, etc.).

19

Access to PHI

Each healthcare system has specific policies governing

how information is accessed and who may access it.

Please be aware of and adhere to system policies

surrounding the minimum necessary information you

may be allowed to access.

This information may be found in the healthcare

system site links.

20

YOUR ROLE IN CONFIDENTIALITY,

PRIVACY, AND SECURITY OF PHI

21

Physical Privacy and Security

Do not leave PHI in an area that is public or where unauthorized individuals may come in contact with it.

Dispose of printed PHI in secure recycling/

shredding bins.

Labels (bottles, IV bags, other) containing PHI should be discarded in privacy bins or “blackened out” prior to discarding.

The sharing of patient/resident PHI should be done in a private and secure manner (not in the hallway, break room, cafeteria, elevator, etc.)

22

Physical Privacy and Security

Workstations (computers) should be logged off when not in use.

Turn screens away from public view, use privacy screens.

Use screen savers when user has stepped away from computer.

E-mails may not contain ePHI unless the information is encrypted or safeguarded in some other manner.

23

Physical Privacy and Security

Report suspicious behavior by others to security or

information services departments.

Each healthcare system has procedures for disposing

of documents or media (CDs, flash drives, PDAs, etc.)

containing patient PHI. Please follow these when

indicated.

24

Tips for Students/Instructors

Be cautious of where you hold conversations, especially about patients and their families.

Never leave medical records/films in an open area, including census print outs, or other documents.

Don’t share passwords with others.

Don’t share information about friends or family (in the facility) with others.

Do not discuss cases or PHI of patients you are not directly involved with.

Don’t make copies of medical records or use patient names (from the clinical site) in case studies you prepare for school.

25

Tips for Students/Instructors

For example, if a friend or family member says, “I heard that Mary Smith is in the hospital. Did you see her there?” You should respond something like, “I have no information about that.”

If you see a family member or friend in the lobby/cafeteria, you cannot share that information with anyone. Example: “I saw Aunt Susie in the hallway at the hospital”, would be a breach of confidentiality.

The easiest way to remember how to implement this law is the saying;

“What you see here, or hear here, must stay here.”

26

IMPORTANT:

Students may NOT access their

own personal records, or the

records of friends or family while

at the clinical agency.

….this is a HIPAA violation, too.

27

Compliance

Each healthcare system or facility abides by specific policies, procedures and regulatory standards.

When we trust that facilities are doing this, it is referred to as corporate integrity.

Corporate integrity or “corporate compliance” means that an organization is abiding by high moral principles and standards set out by that organization.

28

Compliance Plans

Healthcare systems include the following in their compliance plans:

General standards of workforce conduct are established.

Background checks on all workforce team members including students and instructors must be completed.

Rules and regulations that healthcare systems must follow.

29

Compliance

The HIPAA Privacy and Security rules are an

example of an area of compliance for healthcare

systems and facilities.

Each healthcare system may have different codes

of conduct or compliance manuals.

You may find this information in the facility links on

the FVHCA website.

30

Compliance Plans

The rules that healthcare systems must follow are:

Health Insurance Portability and Accountability Act (HIPAA)

False Claims Act (FCA)

Anti-Kickback Statute (AKS)

Physician Self-Referral Prohibition (also called the Stark Law)

Emergency Medical Treatment and Active Labor Act (EMTALA)

Fraud and Abuse in Billing

31

False Claims Act (FCA)

Any organization that makes a false claim to

the government (Medicare/Medicaid) for

payment is in violation of the FCA.

Example: Sending a bill for a service that was not

done.

If an organization is found guilty of doing this,

they may be prohibited from participating in

any Medicare/Medicaid or other federally

funded healthcare program.

32

Anti-Kickback Statute

The federal law forbids anyone to offer,

pay, ask for, or receive something of

value in return for referring Medicare or

Medicaid patients.

There are fines up to $25,000

associated with this violation.

33

The Physician Self-Referral Law

This law is only related to physicians.

The government forbids physicians from referring

patients to an entity where a physician has a financial

relationship with that entity.

There are, however, many complicated exceptions to

this law.

34

Emergency Medical Treatment and Active

Labor Act (EMTALA)

NOTE: This EMTALA law pertains only to those

facilities who have a designated Emergency

Department.

EMTALA was created during a time when hospitals

often refused to treat uninsured patients who arrived

by ambulance.

The hospital must perform a medical screening exam

to determine if an emergency condition exists for

anyone who comes to the emergency department

(regardless of their ability to pay).

35

EMTALA

If there is an emergency medical condition:

The hospital must stabilize the medical condition

OR

Transfer that person to another facility,

if the hospital cannot treat the person.

36

Fraud and Abuse in Billing

This refers to knowingly billing for services provided, submitting inaccurate or misleading claims or actual services provided or making false statements to obtain payment.

Fraud is an intentional act. In other words, the person knows they are doing something wrong.

The government (Federal Office of the Inspector General – OIG) investigates and targets different health care areas to assure this is not happening.

37

Reporting Compliance Issues

If you see things that may not be

lawful, ethical or do not protect the

privacy and security of the patient,

client or resident, please notify

your instructor, the supervisor, or

department manager at the

facility.

38

Following discovery of a breach in privacy:

An investigation will take place based on a facility’s

policy.

Patients are notified of the infraction and can know

who did it, as well as what was done to mitigate the

infraction.

Any civil or criminal penalties can be imposed on the

individual with the infraction, the school and the

clinical site.

The Secretary of the Department of Health and

Human Services, the news media, and law

enforcement officials may also be notified.

39

A final reminder regarding privacy…

Remember, as a member of the healthcare workforce

team, you have an obligation to keep protected health

information confidential, private, and secure.

For additional information regarding privacy policies

and compliance plans, please refer to the healthcare

site’s policies and procedures.

40

THE IMPORTANCE OF

PROFESSIONALISM

IN THE WORKPLACE

41

Professionalism

Acting professionally is an important part of any

work environment and is a major part of your career

growth.

Professional behavior and attitudes often play a

critical role in who gets hired and promoted, as well

as in who gets fired or demoted.

42

If you want to have a successful career---you MUST know how to act professionally!

Definition of Professionalism

Webster’s dictionary defines it as, “the conduct, aims,

or qualities that characterize or mark a profession or

a professional person.”

That sounds nice, but what does it mean? There is

much more to being a professional than simply

acquiring training and skills.

Professionals have earned the respect of their

colleagues, patients, and everyone around them.

43

5 Keys for true professionals:

Character

Attitude

Excellence

Competency

Conduct

These categories include things like respecting others,

the ability to work as part of a team, and the way

you present yourself at all times.

44

Professional Behavior

Written or verbal communication, including email.

Use proper grammar, and not “slang” or abbreviations.

Be conscious of your “tone”, especially how something

could be perceived when emailing.

Be careful of raising your voice or acting on emotions.

People often do or say things driven by the spur of the

moment that they later regret.

Avoid references to anyone’s personal characteristics

such as nationality, race, gender, appearance, or

religious or political beliefs. Personal situations or

problems should also stay out of the workplace.

45

Professional Behavior-continued

Be ready at all times-being a professional is being on

time and ready to work.

Never speak badly about a patient, co-worker, or

supervisor. Your comment will eventually reach the

person you spoke about.

Lying—being deceitful or dishonest will tarnish your

reputation for life. It’s just not worth it!

46

Professional Dress 47

If you come to work sloppily dressed, your looks will

portray an image of a disorganized employee.

Keep yourself covered (keep your undergarments

under your garments )

Moderate jewelry (limit piercings to ear lobes-one

earring in each ear only)

Nicely styled hair and moderate makeup

No perfumes or potentially offensive smells (cigarette

smoke, etc)

No visible tattoos

Professionalism is important.

Almost every organization has a list of core values

that they view as vital to their success.

Take some time to find out what those values are

before you start a clinical placement.

Remember, a clinical placement can really be the first

step to an employment opportunity in the future! It’s

your first chance to show that you have the potential

to be a professional employee.

48

Completing your Online

Orientation Modules

Congratulations, you are almost done!

After completing both learning modules:

Module 1: Infection Control, Bloodborne Pathogens and Safety

Module 2: HIPAA, Compliance and Professionalism

Click here and continue with Step 3.

49